Comcast Corp CMCSA has confirmed that a critical security vulnerability, "CitrixBleed," led to unauthorized access to the sensitive information of nearly 36 million Xfinity customers.
This flaw is present in Citrix networking devices, widely used by large corporations.
Despite patches released by Citrix in early October, many companies, including Comcast, did not apply them in time, leaving them vulnerable to hacker exploitation.
Significant organizations like Boeing Co BA, the Industrial and Commercial Bank of China, and the law firm Allen & Overy have also been victims of this vulnerability, the TechCrunch reports.
Also Read: Comcast Raises Prices Across the Board: How Much More Will You Shell Out Monthly?
Hackers exploited CitrixBleed to infiltrate Comcast's systems between October 16 and 19, but the company didn't detect the breach until October 25.
By November 16, Xfinity realized that the hacker had acquired customer data, and by December, they confirmed that compromised data included customer usernames and hashed passwords.
Additionally, the hacker accessed some customers' names, contact information, birth dates, partial Social Security numbers, and secret question answers. The hashing algorithm used for the passwords and its strength remains to be determined.
In a filing with Maine's attorney general, Comcast revealed that almost 35.8 million customers were affected, nearly encompassing its broadband customer base of over 32 million.
The company has not disclosed whether it received any ransom demands or filed the incident with the U.S. SEC. Comcast asserts there's no evidence of customer data leakage or attacks on customers.
As a precaution, Xfinity requires customers to reset their passwords and recommends using two-factor or multi-factor authentication, which is not mandatory by default.
Price Action: CMCSA shares closed at $44.70 on Tuesday.
Also Read: Comcast's Peacock Hits New Heights in Streaming War, Outshining Competitors with Creative Edge
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
Photo via Wikimedia Commons
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
